Lucene search

[email protected]CVE-2002-1160

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1160

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2002-1160

security

pam

mit-magic-cookies

root privileges

local users

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.6%

JSON

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user’s credentials after root uses su.

Affected configurations

NVD

Node

redhatlinuxMatch7.1

redhatlinuxMatch7.2

redhatlinuxMatch7.3

redhatlinuxMatch8.0

CPENameOperatorVersion
redhat:linuxredhat linuxeq7.1
redhat:linuxredhat linuxeq7.2
redhat:linuxredhat linuxeq7.3
redhat:linuxredhat linuxeq8.0

CPE	Name	Operator	Version
redhat:linux	redhat linux	eq	7.1
redhat:linux	redhat linux	eq	7.2
redhat:linux	redhat linux	eq	7.3
redhat:linux	redhat linux	eq	8.0

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693

marc.info/?l=bugtraq&m=104431622818954&w=2

sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760

www.iss.net/security_center/static/11254.php

www.kb.cert.org/vuls/id/911505

www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017

www.redhat.com/support/errata/RHSA-2003-028.html

www.redhat.com/support/errata/RHSA-2003-035.html

www.securityfocus.com/bid/6753

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2002-1160

cert1 redhat1 cvelist1 nessus2 nvd1